On Wed, Mar 30, 2011 at 7:49 AM, Dan White <[email protected]> wrote:
> On 30/03/11 04:36 -0700, sim123 wrote:
>
>> On Tue, Mar 29, 2011 at 7:43 PM, Dan White <[email protected]> wrote:
>>
>>> It looks like the search is not returning any entries. From your confluence
>>> server, can you perform an ldapsearch as your privileged user to see if you
>>> get any entries returned?
>>>
>>
>> Thanks for your reply. You got me right and I am sure the first two things
>> are working so my authentication user has privileges, Confluence is
>> submitting base,scope and filter. I am not sure about the third point, needs
>> to validate it.
>>
>> I tried doing ldapsearch from ldap server machine (local) and from
>> confluence server using filter on uid/cn. However, don't know why wild card
>> works and specific search doesn't.
>>
>> ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b 'ou=users,dc=example,dc=com' '(uid=123)'
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=users,dc=example,dc=com> with scope subtree
>> # filter: (uid=123)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 1
>>
>> whereas
>> ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b 'ou=users,dc=example,dc=com' '(uid=123*)'
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=users,dc=example,dc=com> with scope subtree
>> # filter: (uid=123*)
>> # requesting: ALL
>> #
>>
>> # 123, users, example.com
>> dn: uid=123,ou=users,dc=example,dc=com
>> displayName: Barbara Jason
>> objectClass: inetOrgPerson
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: top
>> mail: [email protected]
>> uid: 123
>> userPassword:: bXJhanZhaWR5YQ==
>> sn: Jason
>> cn: Barbara
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> again, I tried searching for it but couldn't find it, sorry for being naive
>> but would appreciate any help. Thanks
>>
>
> My guess is that you're running into a bdb/hdb indexing problem. Try adding
> an index in your slapd.conf/slapd-config for uid (if it doesn't exist), and
> then rebuild your indexes using slapindex.
>
> See the man pages for slapd-bdb/slapd-hdb and slapindex for details.
>
> --
> Dan White
>
Thanks for your response, it's the index; I recreated the index and can do
ldapsearch.
Confluence is doing the three-step process you described, i.e. init session
and bind with confluence user, search for dn and bind with dn. For some
reason I see search cannot find anything and the log says:
bdb_index_read: failed (-30988)
----
bdb_search: no candidates
I had it working once!! Don't know what magic happened that time ... posting
logs in case there is any clue there:
*Success Logs*
slap_listener_activate(8):
>>> slap_listener(ldap:///)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 43 contents:
op tag 0x60, time 1301501949
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=example,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,
dc=example,dc=com>
*do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128*
do_bind: v3 bind: "cn=Manager,dc=example,dc=com" to "cn=Manager,
dc=example,dc=com"
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 120 contents:
op tag 0x63, time 1301501949
ber_get_next
conn=1000 op=1 do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=users,dc=example,dc=com>
<<< dnPrettyNormal: <ou=users,dc=example,dc=com>, <ou=dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("ou=users,dc=example,dc=com")
=> bdb_dn2id("dc=example,dc=com")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("ou=users,dc=example,dc=com")
<= bdb_dn2id: got id=0x3
entry_decode: "ou=users,dc=example,dc=com"
<= entry_decode(ou=users,dc=example,dc=com)
search_candidates: base="ou=users,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl("ou=users,dc=example,dc=com")
<= bdb_dn2idl: id=2 first=3 last=6
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=6, last=7
=> bdb_equality_candidates (cn)
=> key_read
<= bdb_index_read 1 candidates
<= bdb_equality_candidates: id=1, first=6, last=6
bdb_search_candidates: id=1 first=6 last=6
*entry_decode: "uid=123,ou=users,dc=example,dc=com"*
<= entry_decode(uid=123,ou=users,dc=example,dc=com)
=> bdb_dn2id("uid=123,ou=users,dc=example,dc=com")
<= bdb_dn2id: got id=0x6
*=> send_search_entry: conn 1000 dn="uid=123,ou=users,dc=example,dc=com"*
ber_flush2: 265 bytes to sd 12
<= send_search_entry: conn 1000 exit.
send_ldap_result: conn=1000 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush2: 14 bytes to sd 12
slap_listener_activate(8):
>>> slap_listener(ldap:///)
connection_get(15): got connid=1001
connection_read(15): checking for input on id=1001
ber_get_next
ber_get_next: tag 0x30 len 52 contents:
op tag 0x60, time 1301501949
ber_get_next
conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <uid=123,ou=users,dc=example,dc=com>
<<< dnPrettyNormal: <uid=123,ou=users,dc=example,dc=com>, <uid=123,ou=users,
dc=example,dc=com>
*do_bind: version=3 dn="uid=123,ou=users,dc=example,dc=com" method=128*
bdb_dn2entry("uid=123,ou=users,dc=example,dc=com")
do_bind: v3 bind: "uid=123,ou=users,dc=example,dc=com" to
"uid=123,ou=users,dc=example,dc=com"
send_ldap_result: conn=1001 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 15
connection_get(15): got connid=1001
connection_read(15): checking for input on id=1001
ber_get_next
ber_get_next: tag 0x30 len 34 contents:
op tag 0x42, time 1301501968
ber_get_next
ber_get_next on fd 15 failed errno=0 (Success)
conn=1001 op=1 do_unbind
connection_close: conn=1001 sd=15
*Failure log*
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 118 contents:
op tag 0x63, time 1301512406
ber_get_next
conn=1000 op=2 do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <ou=users,dc=example,dc=com>
<<< dnPrettyNormal: <ou=users,dc=example,dc=com>, <ou=users,
dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> get_ctrls
ber_scanf fmt ({m) ber:
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
=> bdb_search
bdb_dn2entry("ou=users,dc=example,dc=com")
search_candidates: base="ou=users,dc=example,dc=com" (0x00000003) scope=2
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_dn2idl("ou=users,dc=example,dc=com")
<= bdb_dn2idl: id=2 first=3 last=6
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 2 candidates
<= bdb_equality_candidates: id=2, first=6, last=7
=> bdb_equality_candidates (cn)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
bdb_search_candidates: id=0 first=3 last=0
*bdb_search: no candidates*
send_ldap_result: conn=1000 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=0
ber_flush2: 14 bytes to sd 12
Thanks
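
An added example, not part of the original message and not OpenLDAP code: a shell/awk helper that reads a slapd debug trace like the two above and reports, per search operation, how many equality-index reads for each attribute returned candidates and how many failed. The function names and the abridged sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise back-bdb equality-index reads per search operation.
summarise_index_reads() {
  awk '
    function emit_op(   i, a, line) {
      if (op == "") return
      line = op " result=" (empty ? "no-candidates" : "candidates")
      for (i = 1; i <= n; i++) {
        a = order[i]
        line = line " " a ":hit=" (hit[a] + 0) ",miss=" (miss[a] + 0)
        delete hit[a]; delete miss[a]; delete known[a]
      }
      print line
      op = ""; attr = ""; n = 0; empty = 0
    }
    /conn=[0-9]+ op=[0-9]+ do_search/ { emit_op(); op = $1 " " $2; next }
    /=> bdb_equality_candidates \(/ {       # start of a lookup for one attribute
      attr = $0; sub(/^.*\(/, "", attr); sub(/\).*$/, "", attr)
      if (!(attr in known)) { known[attr] = 1; order[++n] = attr }
      next
    }
    op != "" && attr != "" && /bdb_index_read: failed/ { miss[attr]++; next }
    op != "" && attr != "" && /bdb_index_read [0-9]+ candidates/ { hit[attr]++; next }
    /bdb_search: no candidates/ { empty = 1 }
    END { emit_op() }
  '
}
# Constructed input: lines abridged from the success and failure logs above.
sample_trace() {
  cat <<'EOF'
conn=1000 op=1 do_search
=> bdb_equality_candidates (objectClass)
<= bdb_index_read: failed (-30988)
=> bdb_equality_candidates (objectClass)
<= bdb_index_read 2 candidates
=> bdb_equality_candidates (cn)
<= bdb_index_read 1 candidates
conn=1000 op=2 do_search
=> bdb_equality_candidates (objectClass)
<= bdb_index_read: failed (-30988)
=> bdb_equality_candidates (objectClass)
<= bdb_index_read 2 candidates
=> bdb_equality_candidates (cn)
<= bdb_index_read: failed (-30988)
*bdb_search: no candidates*
EOF
}

sample_trace | summarise_index_reads
```

In the sample, objectClass has one failed read in both searches, so a single `bdb_index_read: failed` line is not decisive. The search that ends in `no candidates` is the one where cn has no successful read at all.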